Linux server got hacked? To-dos for beginners.

Just got an email from your server provider complaining about spam coming from your server? CPU usage is higher than expected? Some process took all your memory? Or is the OS acting weird?

The example snippets are for Debian/Ubuntu; look up the equivalent commands for other Linux distributions.

Change the password for both root and your user. Follow Stack Overflow.

Check what changed in /etc and /var in the last 2 days:

find /etc -mtime -2
find /var -mtime -2

If you haven’t changed them, somebody else did. Decide what to do with those changes.
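
The find check above looks only at modification time (mtime), which touch can set to any date, while the inode change time (ctime) cannot be set that way. The following bash function is an added example, not part of the original post; recent_changes and demo are hypothetical names, and the sample files are constructed:

```bash
#!/usr/bin/env bash
# Added example, not from the original post.
# recent_changes DIR [DAYS]: list regular files under DIR touched in the last DAYS days.
#   MTIME       content modified in the window (what `find DIR -mtime -DAYS` shows)
#   CTIME-ONLY  inode changed in the window but mtime is older: chmod/chown/rename,
#               a package upgrade, or a modification time that was set back
# File names containing newlines are not handled.
recent_changes() {
    local dir=$1 days=${2:-2}
    # -xdev keeps the walk on one filesystem (skips /proc, /sys and other mounts)
    find "$dir" -xdev -type f -mtime "-$days" 2>/dev/null | sed 's/^/MTIME /'
    find "$dir" -xdev -type f -ctime "-$days" ! -mtime "-$days" 2>/dev/null |
        sed 's/^/CTIME-ONLY /'
}

# Constructed sample: one freshly written file and one whose mtime is set back to 2000.
demo() {
    local d
    d=$(mktemp -d)
    echo 'PermitRootLogin no' > "$d/fresh.conf"
    echo 'placeholder' > "$d/backdated.conf"
    touch -t 200001010000 "$d/backdated.conf"   # mtime goes back, ctime stays "now"
    echo "plain find -mtime -2:"
    find "$d" -type f -mtime -2                 # lists fresh.conf only
    echo "recent_changes:"
    recent_changes "$d" 2                       # lists both files
    rm -rf "$d"
}

# Run the demo with --demo; on a real host call for example:
#   recent_changes /etc 2; recent_changes /var 2
if [ "${1:-}" = "--demo" ]; then demo; fi
```

Expect CTIME-ONLY entries after a normal package upgrade as well, since packages are unpacked with their archived modification times; compare those against your update history before treating them as suspicious.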

Install ClamAV:

sudo apt-get install clamav
sudo freshclam
sudo apt install clamav-daemon

Search for infected files:

sudo clamscan --max-filesize=3999M --max-scansize=3999M --exclude-dir='^/sys' -i -r /

Check for signs of a rootkit:

Install chkrootkit:

sudo apt-get install chkrootkit

Run chkrootkit:

sudo chkrootkit

You might get some false positives; don’t panic. Google them.

Security vulnerabilities come with negligence; update your OS:

sudo apt-get update && time sudo apt-get dist-upgrade

Some great links that I found:
StackExchange – How do you know your server has been compromised?

Cheers!

Manage JDKs in MacOS

Install JDK 9 in MacOS using Homebrew:

brew update
brew cask install java

All Java versions get installed here: /Library/Java/JavaVirtualMachines. Let's take a look:

ls -la /Library/Java/JavaVirtualMachines

List installed JDKs in your OSX:

 $ /usr/libexec/java_home -V

You should get a result like this:

Matching Java Virtual Machines (5):
 9.0.1, x86_64: "Java SE 9.0.1" /Library/Java/JavaVirtualMachines/jdk-9.0.1.jdk/Contents/Home
 1.8.0_121, x86_64: "Java SE 8" /Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home
 1.7.0_80, x86_64: "Java SE 7" /Library/Java/JavaVirtualMachines/jdk1.7.0_80.jdk/Contents/Home
 1.6.0_65-b14-468, x86_64: "Java SE 6" /Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home
 1.6.0_65-b14-468, i386: "Java SE 6" /Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home

/Library/Java/JavaVirtualMachines/jdk-9.0.1.jdk/Contents/Home

Install jenv:
brew install jenv

Set the JDK by following the jenv commands: http://www.jenv.be/

 

Note: Tested on macOS Sierra.